tcpdump: pcap_loop: invalid packet capture length 305933, bigger than maximum of 262144

[zynzynack]

Unsure if this is a tcpprep usage-of-tcpdump issue, or an issue with tcpdump. Also see appneta/tcpreplay#571

tcpdump version 4.9.3
libpcap version 1.8.1
tcpprep version: 4.2.6
Ubuntu 18.04.4 LTS

$ tcpdump -i eth0 -w my.pcap
wait....CTRL-C

$ tcpprep -v -a server -o my.cache -i my.pcap
reading from file -, link-type EN10MB (Ethernet)
tcpdump: pcap_loop: invalid packet capture length 305933, bigger than maximum of 262144

Enlarging

tcpdump/netdissect.h

Line 335 in 4e67f5b

#define MAXIMUM_SNAPLEN 262144

to satisfy

tcpdump/tcpdump.c

Line 1747 in 8d3c2ed

|| ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)

solves this.

[guyharris]

Unsure if this is a tcpprep usage-of-tcpdump issue, or an issue with tcpdump.

I vote "tcpprep usage-of-tcpdump issue", as there appears to be another such issue, at least on macOS:

$ tcpdump -i en0 -w my.pcap
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C2195 packets captured
2195 packets received by filter
0 packets dropped by kernel
$ tcpprep -v -a server -o my.cache -i my.pcap
tcpdump: unknown file format
$ file my.pcap
my.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)

If you do tcpdump -r my.pcap it will probably work; if it does, this is definitely a tcpprep usage-of-tcpdump issue.

[zynzynack]

Agreed, upgrading from the Ubuntu repo supplied tcpreplay package containing "tcpprep version: 4.2.6 (build git:v4.2.6) (debug)" to latest release of tcpreplay "tcpprep version: 4.3.1 (build git:v4.3.1)" resolves this issue for me.